A few days ago, I ran into an ugly bug on different Scientific Linux 6.3 hosts (therefore this should also affect RHEL 6.3 and CentOS 6.3). The network hangs while the system itself is up, running and responsive. “Just” no network. Restarting the affected network interfaces is not enough; only a complete reboot brings the Intel 82574L-based network cards back to life (those NICs are onboard on the Supermicro X9SCM-F and X8SIL mainboards of the affected hosts, so I can't simply change them). The logs showed entries like the following:

It seems that the ASPM of the Intel 82574L is broken. The corresponding Linux driver “e1000” therefore has this chip on its ASPM blacklists and disables it when the system boots. However, there is some side effect which re-enables the NIC's ASPM state L1 after a network connection is established. This does not happen on all Linux flavors and kernel versions, but it happens at least on Scientific 6.3 with kernel 2.6.32-279.19.1.

Workaround: disable the NIC's ASPM after the system boots

A quick workaround is to manually disable the NIC's ASPM after the system has booted and the network has “stabilized” (e.g. after a few minutes). The following command disables ASPM for a device:

setpci -s <ID-of-device> CAP_EXP+10.b=40

You can use lspci -vnn to get the device ID (first number of the line, 02:00.0 in the following example output):
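As an added example (not part of the original post), the following shell function reads lspci -vvnn output and prints the setpci command from above for every 82574L whose link control still shows ASPM enabled. The sample listing is constructed, the function name is hypothetical, and lspci has to run as root to show the LnkCtl line.

```shell
#!/bin/sh
# Added example: dry-run generator for the ASPM workaround described above.
# It only prints the setpci commands; review them, then run them as root.

# Constructed, abridged sample in the format of `lspci -vvnn`
# (not captured from a real host).
SAMPLE_LSPCI='02:00.0 Ethernet controller [0200]: Intel Corporation 82574L Gigabit Network Connection [8086:10d3]
        Capabilities: [e0] Express (v1) Endpoint, MSI 00
                LnkCtl: ASPM L1 Enabled; RCB 64 bytes Disabled- Retrain- CommClk+
03:00.0 Ethernet controller [0200]: Intel Corporation 82574L Gigabit Network Connection [8086:10d3]
        Capabilities: [e0] Express (v1) Endpoint, MSI 00
                LnkCtl: ASPM Disabled; RCB 64 bytes Disabled- Retrain- CommClk+
05:00.0 SATA controller [0106]: Example Vendor Example Device [ffff:0001]
        Capabilities: [70] Express (v2) Endpoint, MSI 00
                LnkCtl: ASPM L1 Enabled; RCB 64 bytes Disabled- Retrain- CommClk+'

# Read lspci -vvnn output on stdin and print one setpci command per 82574L
# device whose LnkCtl line reports ASPM as anything other than "Disabled".
aspm_fix_commands() {
    awk '
        /^[0-9a-f]/ {                 # device header lines start in column 0
            dev = $1                  # bus address, e.g. 02:00.0
            nic = ($0 ~ /82574L/)     # only touch the affected NIC model
            next
        }
        nic && /LnkCtl:/ && /ASPM/ && !/ASPM Disabled/ {
            # Same register write as in the post: low byte of the PCIe
            # Link Control register, ASPM control bits cleared.
            printf "setpci -s %s CAP_EXP+10.b=40\n", dev
        }
    '
}

# Demo on the constructed sample; on a real host use:
#   lspci -vvnn | aspm_fix_commands
printf '%s\n' "$SAMPLE_LSPCI" | aspm_fix_commands
```

Only 02:00.0 is reported for the sample: 03:00.0 already has ASPM disabled and 05:00.0 is not an 82574L.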

About a month ago, I introduced the “Puppet boilerplate modules” project with the goal to help users to create Puppet modules in a fast and comfortable way. I got much positive feedback and the “new module wizard” helped to create tons of modules for e.g. the companies I work for and with. Everything seems to be fine so far.

But what I really want to write about is a new GIMP example module I created for the puppet-boilerplate-modules-example-content repository. It is based on a new boilerplate (application-004) which comes with additional preparations for software with plugin/extension/modules (or however the application's nomenclature calls such components). So check it out if you want to see what to expect and if the new content might be useful for you.

Many users of goQR.me asked us if we could embed print-quality images into their QR Codes and how much this service would cost. Therefore we thought it would be useful to offer this service on a separate page. So there it is: QR Code with logo.

QR Codes are a great mobile marketing tool. Their unusual appearance raises awareness and they can be scanned in seconds with almost every smartphone. A Logo QR Code works even better for most advertising purposes because the graphic creates additional attention and shows the user whom or what to expect before scanning it. So check it out.

My colleague and I are maintaining a “Puppet boilerplate modules” project (something like puppet module generate on steroids). To keep up with the OSS spirit, we thought it would be a good idea to share it with the community.

The project helps you to create high-quality Puppet modules in a fast and comfortable way. The main goals are to boost efficiency and Puppet code quality. Use it if you want to get module skeletons with:

Some explanatory notes

Every boilerplate comes with different manifest files, each of which encapsulates the Puppet code for a specific job. This ensures a clean module structure. The name of the manifest should say what it does in general; the RDoc block at the top provides more details. Example: the application-002 boilerplate comes with the following files in /manifests:

init.pp
Contains the main module class. It validates the module parameters and coordinates the actions (e.g. by chaining resources).

params.pp
Sets the default values for the parameters of the main module class (→ init.pp) and manages internal module variables. Therefore, many operating system dependent differences like package names are addressed in here.

package.pp
Coordinates all software package management related actions. Normally, there is no need to edit this file.

config.pp
Coordinates all configuration related actions. Many modules won't need this because there is no need for a special application configuration. If so, just delete the file and the references in init.pp.

repo.pp
Coordinates all package repository related actions. Many modules won't need this because an additional repository is not needed to install the application. If so, just delete the file and the references in init.pp.

Everything you must edit/check after you generated a module is marked with a FIXME/TODO, e.g. the package list or some class calls when using the application-002 boilerplate.

You don't need to use GitHub/Bitbucket. The DVCS repository hosting part of the wizard is completely optional.

There is always room for improvement. If you're able to add any contributions to make our project better, please let me know or discuss your thoughts right here in the comments.

Update 2012-05-30: I changed the links and text regarding the new puppet example content.

I upgraded the OS of two servers last weekend. The planned downtime was also used to install LSI 3ware 9650SE-4LPML RAID controllers plus Battery Backup Unit (BBU). The BBU enables the controller to keep the write cache during a power failure. However, I was not able to create a RAID array with “Write Cache: enabled” on one system. I always got the message “Parameter not changeable” when the configuration was stored.

The solution was simple: wait. The Battery Backup Unit (BBU) on the system was not charged enough, therefore the controller denied enabling the “Write Cache” setting. So if you get the message “Parameter not changeable” when configuring an LSI 3ware RAID controller, check if the “Write Cache” setting is the root of it and if a charging or failed BBU caused it. You can check the BBU status in the Controller BIOS Setup (I found “BBU Ready: no” in “Information→Battery”).

I'm fairly new to the Red Hat and Fedora Linux ecosystem. Therefore I just wanted to teach myself some details about RPM and YUM today, especially how to use the commands to handle package signatures and repository GPG keys. I noticed many unanswered forum postings during my research. That's why I decided to write this little blog entry, helping search-engine users to find more answers than questions.

List and verify keys

List all GPG keys on the RPM/YUM keyring:

rpm -q 'gpg-pubkey-*' | sort

The GPG keys are handled as gpg-pubkey-XXXXXXXX-YYYYYYYY packages. XXXXXXXX is the key ID in lowercase chars without 0x prefix. YYYYYYYY is the key creation time as Unix timestamp in hex without 0x prefix. Example usage:

This command would load the GPG key 0x00A4D52B from a public keyserver and import it into RPM. Please note that SKS keyservers need working TCP connections on port 11371.
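The gpg-pubkey-XXXXXXXX-YYYYYYYY naming described above can be decoded to audit which keys RPM trusts. The following added example (not from the original post) turns each package name into a key ID and creation date and flags keys that are not on an expected list; the function names, the allowlist and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the output of `rpm -q 'gpg-pubkey-*'` against an
# allowlist of expected key IDs.

# Decode one gpg-pubkey-XXXXXXXX-YYYYYYYY name into "0xKEYID YYYY-MM-DD".
# Returns non-zero for names that do not follow the scheme.
decode_pubkey_pkg() {
    rest=${1#gpg-pubkey-}
    [ "$rest" != "$1" ] || return 1              # prefix missing
    case "$rest" in *-*) ;; *) return 1 ;; esac  # release part missing
    id=${rest%%-*}
    ts=${rest#*-}
    [ ${#id} -eq 8 ] && [ -n "$ts" ] || return 1
    case "$id$ts" in *[!0-9a-f]*) return 1 ;; esac   # lowercase hex only
    epoch=$((0x$ts))                             # hex Unix timestamp
    day=$(date -u -d "@$epoch" +%F 2>/dev/null || date -u -r "$epoch" +%F)
    printf '0x%s %s\n' "$(printf '%s' "$id" | tr a-f A-F)" "$day"
}

# Read package names on stdin; $1 is a space-separated list of the
# lowercase key IDs that are expected on this host.
audit_keyring() {
    allow=" $1 "
    while IFS= read -r pkg; do
        [ -n "$pkg" ] || continue
        if ! info=$(decode_pubkey_pkg "$pkg"); then
            echo "MALFORMED $pkg"
            continue
        fi
        id=${pkg#gpg-pubkey-}
        id=${id%%-*}
        case "$allow" in
            *" $id "*) echo "OK $info" ;;
            *)         echo "UNEXPECTED $info" ;;
        esac
    done
}

# Constructed sample listing (not real keys); on a real host use:
#   rpm -q 'gpg-pubkey-*' | audit_keyring "<expected key IDs>"
SAMPLE_LISTING='gpg-pubkey-1a2b3c4d-4f000000
gpg-pubkey-5e6f7a8b-50000000
gpg-pubkey-nothexid-50000000'

demo() { printf '%s\n' "$SAMPLE_LISTING" | audit_keyring "1a2b3c4d"; }
demo
```

A key reported as UNEXPECTED is not necessarily malicious, but it is one whose origin should be checked before packages signed with it are trusted.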

Verify RPM package signatures

Signatures ensure that the packages you install are what was produced by the software maintainer and have not been altered (accidentally or maliciously) by any mirror or third party. YUM should do these checks automatically when installing something out of a repository. However, you may want to check the GPG signature of an RPM package by yourself:

rpm -Kv /path/to/example.rpm

RPM needs the correct public key for this check. If you don't know how to get it, read on to learn what to do.

A perfect real-world example is the RPM Fusion setup to configure the RPM Fusion repositories on your Fedora system. They provide setup packages to install the needed .repo files and GPG keys without hassle. But you should verify them to make sure they have not been altered and really contain the original RPM Fusion keys instead of the ones an attacker uses to sign malicious packages for a fake repository.

Let's start. RPM Fusion says we can configure everything with the following command:

Puppet is a powerful open source tool to automate the configuration of and software management on Unix-like operating systems. This posting is a distillate of the resources I collected during my Puppet learning phase. I hope it helps to get an overview about what Puppet can do for you and how to use it (plus providing existing Puppet users some new ideas or tips).

Books

Notes

Puppet Labs provides YUM and APT repositories. If you need a newer Puppet version than the one offered by your distro repository, have a look at yum.puppetlabs.com and apt.puppetlabs.com. You might need to tinker a little bit to get a working repository file.
Fedora YUM repository example:

Puppet is also useful in very small IT environments, e.g. your home network. Even with only one system to maintain, you may want to automate things e.g. for fast re-installation (a central Puppetmaster server is not mandatory, cf. the so-called “masterless” mode → puppet apply site.pp). Compare the situation with a source code VCS: thousands of developers use something like Git for their source code, even if they are the only developer of a specific project. The reason is that Git is not just a tool for “big teams and corporations”. It provides functionality every developer can benefit from. Same for Puppet: even if you have only a few computers to maintain, you may want to automate things and document your setup by doing so. Puppet provides functionality every administrator can benefit from.

Since PHP5, methods can return objects (including $this). This enables you to chain the method calls after preparing your class by returning the object itself. Therefore, “Method chaining” may save you e.g. much copy & paste or chars to type, reducing typing time for dozens of $obj->method() calls.

The interface of Google Groups implies that you can only subscribe with a Google Account and its email address. But even though Google makes it harder than it should be, it is possible to use any other valid email address to subscribe. You just have to call the subscription page manually by editing a URL:

Some userspace programs had problems with the 2.6.x→3.x kernel numbering transition. To prevent the need to fix everything at once, the Fedora developers decided to ship 3.x kernels as 2.6.4x on Fedora 15 Lovelock and use the correct numbering scheme on Fedora releases ≥16 Verne.

This kernel version numbering hack causes some problems with the current VirtualBox 4.1.6 on Fedora 15: /etc/init.d/vboxdrv setup exits with an error (/var/log/vbox-install.log says that recompiling VBoxPci-linux.o failed). The reason is simple: a check thinks that the running kernel 2.6.41.1 is older than 3.1. Therefore the wrong header file gets included (asm/amd_iommu.h instead of linux/amd-iommu.h).